2 Comments

Nice blog! Have implemented this at a customer project as well along with SAML SSO to HANA.

One thing I would like to add is that when you enable SAML SSO in SAP Analytics Cloud there is no secondary authentication method available. This means that if you make changes in the Azure application that impact your metadata.xml file, make sure you first disable SAML SSO in SAP Analytics Cloud. Otherwise, all users will be locked out and you have to create an incident on the SAP Support Portal to have operations revert it. Even the Tenant Owner can’t log in anymore :-(.

There is an enhancement created for that requirement and developers are currently examining the alternatives so at least a System owner can log in to repair it if the SAML IdP is not available.

However, in this case, both are cloud products. I don’t know the SLAs for Azure AD but I presume they are far better than many internal IT departments. Repairing the authentication for your BI platform is not their first priority.

In my experience in BI Platform, authentication methods such as AD were more problematic as:

As an administrator, you may be able to use Enterprise authentication, but your users can’t, and the issue is not solved until they can keep using AD.

There are more opportunities to delete groups, user accounts and change settings by mistake when you manage your AD.